File _patchinfo of Package patchinfo.33585

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.33585

<patchinfo incident="33585">
  <issue tracker="cve" id="2024-41110"/>
  <issue tracker="bnc" id="1228324">VUL-0: CVE-2024-41110: docker: Authz zero length regression</issue>
  <issue tracker="bnc" id="1214855">umarshalling volume options for volume: unexpected end of JSON input</issue>
  <issue tracker="bnc" id="1221916">L3: SLES15-SP4: Docker buildx build fails to COPY from build stage using nested links</issue>
  <issue tracker="bnc" id="1223409">[trackerbug] docker 25.0.5 update</issue>
  <issue tracker="bnc" id="1219267">VUL-0: CVE-2024-23651: docker: race condition in mount</issue>
  <issue tracker="bnc" id="1219438">VUL-0: CVE-2024-23653: buildkit: BuildKit API doesn't validate entitlement on container creation</issue>
  <issue tracker="bnc" id="1219268">VUL-0: CVE-2024-23652: docker: arbitrary deletion of files</issue>
  <issue tracker="cve" id="2024-23653"/>
  <issue tracker="cve" id="2024-23651"/>
  <issue tracker="cve" id="2024-23652"/>
  <packager>cyphar</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for docker</summary>
  <description>RETRACTED: This update for docker fixes the following issues:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/25.0/#2506&gt;
- Update to Docker 25.0.5-ce (bsc#1223409)

- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
  symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
  future Docker starts failing due to empty files. (bsc#1214855)

</description>
<retracted/>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
</patchinfo>

Places

File _patchinfo of Package patchinfo.33585

Places